Legacy Product Discussions

FAS270 Filer and Domain controller clocks are more than 5 minute apart.

badoemanny
14,999 Views

Hi All

 

I am abou to embark on NS0-163 exam in July. My friend has leant me his FAS270 Filer to familiarize myself with building a filer from scratch. I have hit a stumbling block already and would need some assistance please.

 

Basically, I have built a Domain Controller called with AD and DNS called DIR.LOCAL, IP address of 192.168.0.100. I have added my new filer to DNS, its called GBIPS-I-FS1, IP address of 192.168.0.100. I have also added it to Computers in Active Directory.

 

I then re-initialized the disks on the Filer to set up from scratch and went through the set up process till I got to the authentication aspect. Basically I have pasted the messages I am getting regarding Time services not configured on Filer, then filer and Domain Controller are five minutes apart.

 

Would someone please give me some further assistance to get this filer configured, so I can be on my way to prepare for the exams. Any help will be valuable

 

Thanks

 

Manny

 

Below is a summary of the message:

 

 

GBIPS-I-FS1> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]:
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer

(1) Multiprotocol filer
(2) NTFS-only filer

Selection (1-2)? [1]: 1
        CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for 'root',
        'pcuser', and 'nobody'.
Enter the password for the root user []:
Retype the password:
        The default name for this CIFS server is 'GBIPS-I-FS1'.
Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [DIR.LOCAL]:
***     In Active Directory-based domains, it is essential that the filer's
***     time match the domain's internal time so that the Kerberos-based
***     authentication system works correctly. If the time difference between
***     the filer and the domain controllers is more than 5 minutes,
***     authentication will fail.
Time services are currently not configured
***     on this filer, and further, the Java system, which the time services
***     depend on, is not enabled. We recommend that you enable Java on this
***     system and then configure time services
.

        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the DIR.LOCAL domain.
Enter the name of the Windows user [Administrator@DIR.LOCAL]: Administrator
Password for Administrator:
CIFS - unable to log into domain as Administrator@DIR.LOCAL.
        Please try again (Ctrl-C to exit).
Enter the name of the Windows user [Administrator]:
Password for Administrator:
Could not authenticate with domain controller: Filer and Domain controller clocks are more than 5 minute apart.
Filer and Domain Controller times must be synchronized in Windows 2000 domains.

CIFS - unable to log into domain as Administrator@DIR.LOCAL.
        Please try again (Ctrl-C to exit).

15 REPLIES 15

ChrisHolloway
14,967 Views

The quickest way to get it going would just be to alter the FAS270's clock to be within 5 minutes of a DC's clock.  You can use the date command for this.

For a longer term solution, you can setup ONTAP to use time services to synchronize it's clock.  Check out the set of options under options timed.

Once you've got the time sorted, just re-run cifs setup.

Chris

badoemanny
14,969 Views

Hi Chris

I will give it a go as soon as I get home tonight. Will keep you posted

Thanks

Manny

badoemanny
14,967 Views

Hi Chris

I don't seem to have had much joy. I am not sure how the options timed works; ran it with some options but not sure what it was meant to do

GBIPS-I-FS1> options timed
timed.enable                 off
timed.log                    off
timed.max_skew               30m
timed.min_skew               10
timed.proto                  ntp
timed.sched                  1h
timed.servers
timed.window                 0s
GBIPS-I-FS1> timed.enable
timed.enable not found.  Type '?' for a list of commands
GBIPS-I-FS1> timed.enable on
timed.enable not found.  Type '?' for a list of commands
GBIPS-I-FS1> options timed.enable on
timed requires java which is not enabled on this system
GBIPS-I-FS1> options timed.servers
timed.servers
GBIPS-I-FS1> options timed.servers ?
option timed.servers requires Java, which is not enabled on this system
GBIPS-I-FS1> options timed.window
timed.window                 0s
GBIPS-I-FS1> date
Thu Jun 18 23:34:11 GMT 2009
GBIPS-I-FS1> date
Thu Jun 18 23:34:52 GMT 2009

My DC is running GMT so I thought the Filer will synchronize, but it hasn't and I still get the cifs error message as per my original email.

The date on the filer is Thu Jun 18 23:34:52 GMT 2009, I need it to be in in UK format of ddmmyy; I believe that will help me resolve this issue.

By the way I tried running "timezone" from the DC's command prompt but there is no such command did a search on the net but no joy - all talking about how to set the timezone at the command prompt.

Any advice and commands I need to run on the Filer will be most welcome

Regards

Manny

richard5
14,969 Views

I'd avoid the CIFS setup all together and install ONTAP over HTTP.

See page 95 in

http://now.netapp.com/NOW/knowledge/docs/ontap/rel7261/pdfs/ontap/upgrade.pdf

If you don't have a handy HTTP server see http://code.google.com/p/mongoose/ which

can be installed on your laptop.

badoemanny
14,969 Views

Hi Richard

Appreciate your assistance. How does this mongoose app work. Just installed it on my work laptop, then ran it but only got a blank screen. Is there something I need to tweek in the confg file?

Regards

Manny

ramirezm23
9,189 Views

I had the same issue with joining my FAS2020 to my domain.  It came preloaded with Data on Tap 7.2.  What I did to resolve the issue was the following:

-Setup CIFS on a local workgroup which was option #3 on the list.

-Once this is done, you will have access to the FAS via windows explorer on any machine that has an IP on your domain.

-On a domain workstation, type in: the FAS' IP address in a windows explorer and C$.  EX=     \\192.168.1.21\c$

-Extract the DOT files to the ETC directory.

-On a local console to the FAS, type:  download

-After the latest version of DOT was installed, I was able to change the timezone to the same one as my DC's.

-My DC's timezone was let's say GMT-8, but when I attempted to set GMT-8 on the filer it would not update.  At this point you can do one of two things:

The first option:

  1.      Leave the filer's timezone as GMT, and set the time on your filer to the current GMT time by using the date command.  EX:  DC time is 0900 GMT+8, then leave the timezone on the filer as GMT and se the time on the filer to 0100.  Then you can run CIFS with Active Directory Authentication, but first you would need to:

     -terminate CIFS previously setup for a workgroup.  Run the following command:  cifs terminate

     -run cifs setup again with AD auth.  This worked for me.

The second option:

     2.       Set the timezone on the filer according to the geographic region (see attached doc for valid timezones) that your DC has the time setup for instead of using GMT.  Example run: timezone America/Los_Angeles

     -After the time zone is set, run a date command and set the same time as on your DC.  Example run: date 201101150800     The format is yyyymmddhhmm

     -terminate CIFS previously setup for a workgroup.  Run the following command:  cifs terminate

     -run cifs setup again with AD auth.  This worked for me as well.

Good luck!   

aborzenkov
9,189 Views

Leave the filer's timezone as GMT, and offset the time on your filer by -8 hours from GMT by using the date command.

Just to avoid confusion from other readers. What you are actually doing, is simply setting filer time to current GMT time, not offsetting GMT time by some other value.

Setting time zone to fixed offset from GMT is wrong for any part of the world where summer time is in use. Those "geographically named" time zones actually provide table when summer/winter time changes happens, also for the past changes (if any); so using these time zones ensures correct time representation also for dates in the past.

ramirezm23
9,189 Views

Thank you for the comments.  I have since revised my post to be clear on what I did.

danielpr
14,968 Views

Hi Manny,

Seems to be the Data ONTAP is not installed properly, because the storage systems is saying Java is not enabled. This is the case then you have to install the same Data ONTAP version using the command "software install". Once the installation is done double check the Java by issuing a command in the Filer command prompt and the output should be similar to the following

FAS2020> java
Usage: java class_name [args] ==========> Java is enabled in Filer.
FAS2020>

Now you can find a NTP server available in the Internet which serves for UK (GMT) and configure the same. For example i will show you how to configure the  NTP setup in Filer.

FAS2020> ping 0.asia.pool.ntp.org   ====> Check if your NTP server is alive
0.asia.pool.ntp.org is alive
FAS2020> options timed.servers
FAS2020> date
Fri Jun 19 11:30:46 GMT 2009 ===============> Wrong time

FAS2020> options timed.servers 0.asia.pool.ntp.org
Reminder: you should also set option timed.servers on the partner node
or the next takeover may not function correctly.

FAS2020> options timed.enable on
Reminder: you should also set option timed.enable on the partner node
or the next takeover may not function correctly.
FAS2020>

So the time sync will happen with the public NTP servers during the scheduled time. To get the date/time sync immediealty you need to go for RDATE which is the other Timed protocol. Basically some NTP servers used to support Rdate aswell.

Since my NTP server doesn’t support the RDATE I have gone for another Public NTP server for the Rdate sync.

FAS2020> ping tick.greyware.com
stan.greyware.com is alive
FAS2020> rdate tick.greyware.com
Fri Jun 19 06:28:33 GMT 2009  ====================> Time has been synced with the Rdate Server
FAS2020>

Now the Storage System should be in sync with the Public NTP servers. Now check the date and time with your DC.

Thanks
Daniel

badoemanny
14,968 Views

Hi Daniel

One concern I have is to do with the Mongoose software. I tried to run it on my work laptop, of course at work but only got a blank screen. Not sure if there are tweeks that need to be made in the confg file.

Once you confirm the fix for mongoose, I will give this a try over the weekend.

Will keep you posted

Kind Regards

Manny

danielpr
14,969 Views

Hi Manny,

You create folder in C:\NTAP, Now try to edit the mongoose.conf @ C:\mongoose (installed path) as following.

root c:\NTAP

ports 80,443s

access_log c:\mongoose_access_log.txt

error_log c:\mongoose_error_log.txt

After this try to open the browser just by typing http://localhost. It should show the content on NTAP folder.

Thanks;

Daniel

badoemanny
12,230 Views

Ok Chaps

Just want say a big thank you for all your help. Although I had to postpone the exam till the 30th of July due to other circumstances, I managed to change the time by going back one hour and it seemed to have worked for me. I have since updated the Data Ontap to 7.2.6.1. I am not sure if I should go to three yet; but for the time being I seem to be up and running and can get to the FilerView too.

I'll appreciate it too if you guys have any further info on studying for the NS0-163 exam; I have the Data Ontap Fundamentals course book and I am trying out the practise exams on the netapp website; alos learning a bit about the CLI commands. I beleieve I need to read a bit about synch mirroring and SnapRestores. Because I have only the one Filer, I am attempting the Netapp Simulator option to help me with the Synch Stuff. So any help will be very handy

Regards

Manny

stratify_tc
9,189 Views

Manny,

Just out of curossity why not simply run the date command from the CLI and get the clocks in sync?

big01> date
Thu Jan  7 18:33:17 PST 2010
big01> date 201001071833
Warning: currently syncing to the time kept by the cluster partner; the partner's time setting will eventually override the time set by the "date" command.  Consider running the "date" command on the partner.
Thu Jan  7 18:33:00 PST 2010
big01> date
Thu Jan  7 18:33:01 PST 2010
big01>

nwleaphart
9,188 Views

I had the same problem, but my FAS3050 is set to sync with the DC on our domain. Now, whenever I try to set our FAS3050 to sync with our DC for time\date, I get this error:

rdate:recvfrom:connection refused

Any idea what I can do to get around this? Or maybe link I could do a bit of RTFM'ing from?

cserpadss
9,188 Views

Can you sync to your domain controller from any other machine? The error as it states it's telling you that your domainn controller is refusing its connection.

Public